Mac users, update now! “Powerdir” flaw could allow attackers to spy on you
If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research...
News
Campaign launched to delay social media end-to-end encryption
The many issues surrounding end-to-end encryption (E2EE) are ever-present. They usually spring up when something that could potentially affect the...
Box flaw allowed to bypass MFA and takeover accounts
A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability...
Cybercriminals’ friend VPNLab.net shut down by law enforcement
Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no...
Is White Rabbit ransomware linked to FIN8 financially motivated group?
A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8...
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer. If you...
AlphV/BlackCat ransomware gang published data stolen from fashion giant Moncler
Luxury fashion giant Moncler confirmed a data breach after a ransomware attack carried out by the AlphV/BlackCat. Moncler confirmed a data...
Financially motivated Earth Lusca threat actors targets organizations worldwide
A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide as for financial purposes. Trend Micro...
Why we don’t patch, with Jess Dodson: Lock and Code S03E02
In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150...
Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs
Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An...
Nintendo warns of imitation websites and suspicious hardware
Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a...
Infamous dark net carding site UniCC to close
UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop...
Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues
Microsoft released Windows emergency out-of-band (OOB) updates to fix multiple issues caused by January 2021 Patch Tuesday updates. Microsoft has...
A small number of Crypto.com users reported suspicious activity on their wallet
Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets. Several Crypto.com users...
Oracle Critical Patch Update for January 2022 will fix 483 new flaws
The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This...
Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques
Our technical brief provides an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure...
US-CERT Bulletin (SB22-017):Vulnerability Summary for the Week of January 10, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions
Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management...
REvil ransomware gang busted by Russian Federal Security Service
Eight members of the REvil ransomware group have been arrested in Russia and will be pressed with criminal charges. Russia’s...
High-Severity flaw in 3 WordPress plugins impacts 84,000 websites
Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company...
A week in security (January 10 – 16)
Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock downSome Android users can disable 2G now...
Experts warn of attacks using a new Linux variant of SFile ransomware
The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations....
Kyiv blames Belarus-linked APT UNC1151 for recent cyberattack
Ukrainian government attributes the recent attacks against tens of Ukrainian government websites to Belarusian APT group UNC1151. The government of...
European Union simulated a cyber attack on a fictitious Finnish power company
The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. Cyber drills...
